ID

VAR-201906-0005


CVE

CVE-2019-3569


TITLE

Facebook HHVM Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-37156 // CNNVD: CNNVD-201906-1018

DESCRIPTION

HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. HHVM contains an information disclosure vulnerability. Information may be obtained. Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP loading dynamic pages.

Trust: 2.16

sources: NVD: CVE-2019-3569 // JVNDB: JVNDB-2019-005967 // CNVD: CNVD-2019-37156

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-37156

AFFECTED PRODUCTS

vendor: facebook | model: hhvm | scope: eq | version: 4.3.0

Trust: 1.6

vendor: facebook | model: hhvm | scope: eq | version: 4.4.0

Trust: 1.6

vendor: facebook | model: hhvm | scope: eq | version: 4.5.0

Trust: 1.6

vendor: facebook | model: hhvm | scope: eq | version: 4.6.0

Trust: 1.6

vendor: facebook | model: hhvm | scope: eq | version: 4.7.0

Trust: 1.6

vendor: facebook | model: hhvm | scope: eq | version: 4.8.0

Trust: 1.6

vendor: facebook | model: hhvm | scope: eq | version: 4.0.0

Trust: 1.0

vendor: facebook | model: hhvm | scope: eq | version: 4.0.1

Trust: 1.0

vendor: facebook | model: hhvm | scope: eq | version: 4.0.2

Trust: 1.0

vendor: facebook | model: hhvm | scope: eq | version: 4.0.3

Trust: 1.0

vendor: facebook | model: hhvm | scope: eq | version: 4.1.0

Trust: 1.0

vendor: facebook | model: hhvm | scope: eq | version: 4.2.0

Trust: 1.0

vendor: facebook | model: hhvm | scope: eq | version: 4.0.4

Trust: 1.0

vendor: facebook | model: hhvm | scope: lte | version: 3.30.5

Trust: 1.0

vendor: facebook | model: hiphop virtual machine | scope: - | version: -

Trust: 0.8

vendor: facebook | model: hhvm | scope: eq | version: 4.0

Trust: 0.6

vendor: facebook | model: hhvm | scope: eq | version: 4.1

Trust: 0.6

vendor: facebook | model: hhvm | scope: eq | version: 4.2

Trust: 0.6

vendor: facebook | model: hhvm | scope: lte | version: <=3.30.5

Trust: 0.6

sources: CNVD: CNVD-2019-37156 // JVNDB: JVNDB-2019-005967 // NVD: CVE-2019-3569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3569
value: HIGH

Trust: 1.0

NVD: CVE-2019-3569
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-37156
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-1018
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-3569
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-37156
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-3569
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-3569
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-37156 // JVNDB: JVNDB-2019-005967 // CNNVD: CNNVD-201906-1018 // NVD: CVE-2019-3569

PROBLEMTYPE DATA

problemtype:CWE-552

Trust: 1.0

problemtype:CWE-668

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-005967 // NVD: CVE-2019-3569

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1018

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201906-1018

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005967

PATCH

title: HHVM 4.9.0, and security updates for 3.30, and 4.3-4.7 | url: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html

Trust: 0.8

title: Fix default FastCGI interface | url: https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed

Trust: 0.8

title: Patch for Facebook HHVM Information Disclosure Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/186771

Trust: 0.6

title: Facebook HHVM Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94145

Trust: 0.6

sources: CNVD: CNVD-2019-37156 // JVNDB: JVNDB-2019-005967 // CNNVD: CNNVD-201906-1018

EXTERNAL IDS

db: NVD | id: CVE-2019-3569

Trust: 3.0

db: JVNDB | id: JVNDB-2019-005967

Trust: 0.8

db: CNVD | id: CNVD-2019-37156

Trust: 0.6

db: CNNVD | id: CNNVD-201906-1018

Trust: 0.6

sources: CNVD: CNVD-2019-37156 // JVNDB: JVNDB-2019-005967 // CNNVD: CNNVD-201906-1018 // NVD: CVE-2019-3569

REFERENCES

url:https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html

Trust: 2.2

url:https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-3569

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3569

Trust: 0.8

sources: CNVD: CNVD-2019-37156 // JVNDB: JVNDB-2019-005967 // CNNVD: CNNVD-201906-1018 // NVD: CVE-2019-3569

SOURCES

db: CNVD | id: CNVD-2019-37156
db: JVNDB | id: JVNDB-2019-005967
db: CNNVD | id: CNNVD-201906-1018
db: NVD | id: CVE-2019-3569

LAST UPDATE DATE

2024-11-23T21:37:16.060000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2019-37156 | date: 2019-10-25T00:00:00
db: JVNDB | id: JVNDB-2019-005967 | date: 2019-07-04T00:00:00
db: CNNVD | id: CNNVD-201906-1018 | date: 2021-09-15T00:00:00
db: NVD | id: CVE-2019-3569 | date: 2024-11-21T04:42:11.060

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2019-37156 | date: 2019-10-24T00:00:00
db: JVNDB | id: JVNDB-2019-005967 | date: 2019-07-04T00:00:00
db: CNNVD | id: CNNVD-201906-1018 | date: 2019-06-26T00:00:00
db: NVD | id: CVE-2019-3569 | date: 2019-06-26T15:15:09.887